[PATCH v7 7/9] Boot var automatic management for removable medias
João Marcos Costa
jmcosta944 at gmail.com
Mon Oct 16 09:58:17 CEST 2023
Hello,
Em seg., 16 de out. de 2023 às 08:47, Masahisa Kojima <
masahisa.kojima at linaro.org> escreveu:
> From: Raymond Mao <raymond.mao at linaro.org>
>
> Changes for complying to EFI spec §3.5.1.1
> 'Removable Media Boot Behavior'.
> Boot variables can be automatically generated during a removable
> media is probed. At the same time, unused boot variables will be
> detected and removed.
>
> Please note that currently the function 'efi_disk_remove' has no
> ability to distinguish below two scenarios
> a) Unplugging of a removable media under U-Boot
> b) U-Boot exiting and booting an OS
> Thus currently the boot variables management is not added into
> 'efi_disk_remove' to avoid boot options being added/erased
> repeatedly under scenario b) during power cycles
> See TODO comments under function 'efi_disk_remove' for more details
>
> The original efi_secboot tests expect that BootOrder EFI variable
> is not defined. With this commit, the BootOrder EFI variable is
> automatically added when the disk is detected. The original
> efi_secboot tests end up with unexpected failure.
> The efi_secboot tests need to be modified to explicitly set
> the BootOrder EFI variable.
>
> squashfs ls test is also affected by this modification, need to
> clear the previous state before squashfs ls test starts.
>
> Co-developed-by: Masahisa Kojima <masahisa.kojima at linaro.org>
> Signed-off-by: Masahisa Kojima <masahisa.kojima at linaro.org>
> Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
> Reviewed-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
> Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
> ---
> lib/efi_loader/efi_disk.c | 18 ++++++++
> lib/efi_loader/efi_setup.c | 7 ++++
> test/py/tests/test_efi_secboot/test_signed.py | 42 +++++++++----------
> .../test_efi_secboot/test_signed_intca.py | 14 +++----
> .../tests/test_efi_secboot/test_unsigned.py | 14 +++----
> .../test_fs/test_squashfs/test_sqfs_ls.py | 6 +++
> 6 files changed, 66 insertions(+), 35 deletions(-)
>
> diff --git a/lib/efi_loader/efi_disk.c b/lib/efi_loader/efi_disk.c
> index f0d76113b0..b808a7fe62 100644
> --- a/lib/efi_loader/efi_disk.c
> +++ b/lib/efi_loader/efi_disk.c
> @@ -690,6 +690,13 @@ int efi_disk_probe(void *ctx, struct event *event)
> return -1;
> }
>
> + /* only do the boot option management when UEFI sub-system is
> initialized */
> + if (IS_ENABLED(CONFIG_CMD_BOOTEFI_BOOTMGR) &&
> efi_obj_list_initialized == EFI_SUCCESS) {
> + ret = efi_bootmgr_update_media_device_boot_option();
> + if (ret != EFI_SUCCESS)
> + return -1;
> + }
> +
> return 0;
> }
>
> @@ -742,6 +749,17 @@ int efi_disk_remove(void *ctx, struct event *event)
> dev_tag_del(dev, DM_TAG_EFI);
>
> return 0;
> +
> + /*
> + * TODO A flag to distinguish below 2 different scenarios of this
> + * function call is needed:
> + * a) Unplugging of a removable media under U-Boot
> + * b) U-Boot exiting and booting an OS
> + * In case of scenario a),
> efi_bootmgr_update_media_device_boot_option()
> + * needs to be invoked here to update the boot options and remove
> the
> + * unnecessary ones.
> + */
> +
> }
>
> /**
> diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
> index e6de685e87..37359a77bb 100644
> --- a/lib/efi_loader/efi_setup.c
> +++ b/lib/efi_loader/efi_setup.c
> @@ -245,6 +245,13 @@ efi_status_t efi_init_obj_list(void)
> if (ret != EFI_SUCCESS)
> goto out;
>
> + if (IS_ENABLED(CONFIG_CMD_BOOTEFI_BOOTMGR)) {
> + /* update boot option after variable service initialized */
> + ret = efi_bootmgr_update_media_device_boot_option();
> + if (ret != EFI_SUCCESS)
> + goto out;
> + }
> +
> /* Define supported languages */
> ret = efi_init_platform_lang();
> if (ret != EFI_SUCCESS)
> diff --git a/test/py/tests/test_efi_secboot/test_signed.py
> b/test/py/tests/test_efi_secboot/test_signed.py
> index ca52e853d8..2f862a259a 100644
> --- a/test/py/tests/test_efi_secboot/test_signed.py
> +++ b/test/py/tests/test_efi_secboot/test_signed.py
> @@ -29,7 +29,7 @@ class TestEfiSignedImage(object):
> output = u_boot_console.run_command_list([
> 'host bind 0 %s' % disk_img,
> 'efidebug boot add -b 1 HELLO1 host 0:1
> /helloworld.efi.signed -s ""',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'bootefi bootmgr'])
> assert 'Hello, world!' in ''.join(output)
>
> @@ -37,7 +37,7 @@ class TestEfiSignedImage(object):
> # Test Case 1b, run unsigned image if no PK
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 2 HELLO2 host 0:1 /helloworld.efi
> -s ""',
> - 'efidebug boot next 2',
> + 'efidebug boot order 2',
> 'bootefi bootmgr'])
> assert 'Hello, world!' in ''.join(output)
>
> @@ -59,13 +59,13 @@ class TestEfiSignedImage(object):
> assert 'Failed to set EFI variable' not in ''.join(output)
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 1 HELLO1 host 0:1
> /helloworld.efi.signed -s ""',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert('\'HELLO1\' failed' in ''.join(output))
> assert('efi_start_image() returned: 26' in ''.join(output))
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 2 HELLO2 host 0:1 /helloworld.efi
> -s ""',
> - 'efidebug boot next 2',
> + 'efidebug boot order 2',
> 'efidebug test bootmgr'])
> assert '\'HELLO2\' failed' in ''.join(output)
> assert 'efi_start_image() returned: 26' in ''.join(output)
> @@ -77,12 +77,12 @@ class TestEfiSignedImage(object):
> 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
> assert 'Failed to set EFI variable' not in ''.join(output)
> output = u_boot_console.run_command_list([
> - 'efidebug boot next 2',
> + 'efidebug boot order 2',
> 'efidebug test bootmgr'])
> assert '\'HELLO2\' failed' in ''.join(output)
> assert 'efi_start_image() returned: 26' in ''.join(output)
> output = u_boot_console.run_command_list([
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'bootefi bootmgr'])
> assert 'Hello, world!' in ''.join(output)
>
> @@ -105,7 +105,7 @@ class TestEfiSignedImage(object):
> assert 'Failed to set EFI variable' not in ''.join(output)
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 1 HELLO host 0:1
> /helloworld.efi.signed -s ""',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert '\'HELLO\' failed' in ''.join(output)
> assert 'efi_start_image() returned: 26' in ''.join(output)
> @@ -117,7 +117,7 @@ class TestEfiSignedImage(object):
> 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db'])
> assert 'Failed to set EFI variable' not in ''.join(output)
> output = u_boot_console.run_command_list([
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert '\'HELLO\' failed' in ''.join(output)
> assert 'efi_start_image() returned: 26' in ''.join(output)
> @@ -143,7 +143,7 @@ class TestEfiSignedImage(object):
> assert 'Failed to set EFI variable' not in ''.join(output)
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 1 HELLO host 0:1
> /helloworld.efi.signed -s ""',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert '\'HELLO\' failed' in ''.join(output)
> assert 'efi_start_image() returned: 26' in ''.join(output)
> @@ -170,7 +170,7 @@ class TestEfiSignedImage(object):
> assert 'Failed to set EFI variable' not in ''.join(output)
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 1 HELLO host 0:1
> /helloworld.efi.signed_2sigs -s ""',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert 'Hello, world!' in ''.join(output)
>
> @@ -181,7 +181,7 @@ class TestEfiSignedImage(object):
> 'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize db'])
> assert 'Failed to set EFI variable' not in ''.join(output)
> output = u_boot_console.run_command_list([
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert 'Hello, world!' in ''.join(output)
>
> @@ -193,7 +193,7 @@ class TestEfiSignedImage(object):
> 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
> assert 'Failed to set EFI variable' not in ''.join(output)
> output = u_boot_console.run_command_list([
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert '\'HELLO\' failed' in ''.join(output)
> assert 'efi_start_image() returned: 26' in ''.join(output)
> @@ -205,7 +205,7 @@ class TestEfiSignedImage(object):
> 'setenv -e -nv -bs -rt -at -a -i 4000000:$filesize dbx'])
> assert 'Failed to set EFI variable' not in ''.join(output)
> output = u_boot_console.run_command_list([
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert '\'HELLO\' failed' in ''.join(output)
> assert 'efi_start_image() returned: 26' in ''.join(output)
> @@ -230,7 +230,7 @@ class TestEfiSignedImage(object):
> assert 'Failed to set EFI variable' not in ''.join(output)
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 1 HELLO host 0:1
> /helloworld.efi.signed_2sigs -s ""',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert '\'HELLO\' failed' in ''.join(output)
> assert 'efi_start_image() returned: 26' in ''.join(output)
> @@ -254,7 +254,7 @@ class TestEfiSignedImage(object):
> assert 'Failed to set EFI variable' not in ''.join(output)
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 1 HELLO host 0:1
> /helloworld.efi.signed -s ""',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'bootefi bootmgr'])
> assert 'Hello, world!' in ''.join(output)
>
> @@ -265,7 +265,7 @@ class TestEfiSignedImage(object):
> 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
> assert 'Failed to set EFI variable' not in ''.join(output)
> output = u_boot_console.run_command_list([
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert '\'HELLO\' failed' in ''.join(output)
> assert 'efi_start_image() returned: 26' in ''.join(output)
> @@ -279,7 +279,7 @@ class TestEfiSignedImage(object):
> 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx'])
> assert 'Failed to set EFI variable' not in ''.join(output)
> output = u_boot_console.run_command_list([
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert '\'HELLO\' failed' in ''.join(output)
> assert 'efi_start_image() returned: 26' in ''.join(output)
> @@ -307,7 +307,7 @@ class TestEfiSignedImage(object):
> assert 'Failed to set EFI variable' not in ''.join(output)
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 1 HELLO host 0:1
> /helloworld.efi.signed_2sigs -s ""',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert '\'HELLO\' failed' in ''.join(output)
> assert 'efi_start_image() returned: 26' in ''.join(output)
> @@ -330,7 +330,7 @@ class TestEfiSignedImage(object):
> assert 'Failed to set EFI variable' not in ''.join(output)
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 1 HELLO host 0:1
> /helloworld.efi.signed_2sigs -s ""',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert '\'HELLO\' failed' in ''.join(output)
> assert 'efi_start_image() returned: 26' in ''.join(output)
> @@ -349,7 +349,7 @@ class TestEfiSignedImage(object):
> output = u_boot_console.run_command_list([
> 'host bind 0 %s' % disk_img,
> 'efidebug boot add -b 1 HELLO1 host 0:1
> /helloworld_forged.efi.signed -s ""',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert('hELLO, world!' in ''.join(output))
>
> @@ -364,7 +364,7 @@ class TestEfiSignedImage(object):
> 'setenv -e -nv -bs -rt -at -i 4000000:$filesize PK'])
> assert 'Failed to set EFI variable' not in ''.join(output)
> output = u_boot_console.run_command_list([
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert(not 'hELLO, world!' in ''.join(output))
> assert('\'HELLO1\' failed' in ''.join(output))
> diff --git a/test/py/tests/test_efi_secboot/test_signed_intca.py
> b/test/py/tests/test_efi_secboot/test_signed_intca.py
> index d8d599d22f..8d9a5f3e7f 100644
> --- a/test/py/tests/test_efi_secboot/test_signed_intca.py
> +++ b/test/py/tests/test_efi_secboot/test_signed_intca.py
> @@ -40,7 +40,7 @@ class TestEfiSignedImageIntca(object):
>
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 1 HELLO_a host 0:1
> /helloworld.efi.signed_a -s ""',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert '\'HELLO_a\' failed' in ''.join(output)
> assert 'efi_start_image() returned: 26' in ''.join(output)
> @@ -49,7 +49,7 @@ class TestEfiSignedImageIntca(object):
> # Test Case 1b, signed and authenticated by root CA
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 2 HELLO_ab host 0:1
> /helloworld.efi.signed_ab -s ""',
> - 'efidebug boot next 2',
> + 'efidebug boot order 2',
> 'bootefi bootmgr'])
> assert 'Hello, world!' in ''.join(output)
>
> @@ -71,7 +71,7 @@ class TestEfiSignedImageIntca(object):
>
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 1 HELLO_abc host 0:1
> /helloworld.efi.signed_abc -s ""',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert '\'HELLO_abc\' failed' in ''.join(output)
> assert 'efi_start_image() returned: 26' in ''.join(output)
> @@ -81,7 +81,7 @@ class TestEfiSignedImageIntca(object):
> output = u_boot_console.run_command_list([
> 'fatload host 0:1 4000000 db_b.auth',
> 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert '\'HELLO_abc\' failed' in ''.join(output)
> assert 'efi_start_image() returned: 26' in ''.join(output)
> @@ -91,7 +91,7 @@ class TestEfiSignedImageIntca(object):
> output = u_boot_console.run_command_list([
> 'fatload host 0:1 4000000 db_c.auth',
> 'setenv -e -nv -bs -rt -at -i 4000000:$filesize db',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert 'Hello, world!' in ''.join(output)
>
> @@ -117,7 +117,7 @@ class TestEfiSignedImageIntca(object):
>
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 1 HELLO_abc host 0:1
> /helloworld.efi.signed_abc -s ""',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert 'Hello, world!' in ''.join(output)
> # Or,
> @@ -129,7 +129,7 @@ class TestEfiSignedImageIntca(object):
> output = u_boot_console.run_command_list([
> 'fatload host 0:1 4000000 dbx_c.auth',
> 'setenv -e -nv -bs -rt -at -i 4000000:$filesize dbx',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert '\'HELLO_abc\' failed' in ''.join(output)
> assert 'efi_start_image() returned: 26' in ''.join(output)
> diff --git a/test/py/tests/test_efi_secboot/test_unsigned.py
> b/test/py/tests/test_efi_secboot/test_unsigned.py
> index df63f0df08..7c078f220d 100644
> --- a/test/py/tests/test_efi_secboot/test_unsigned.py
> +++ b/test/py/tests/test_efi_secboot/test_unsigned.py
> @@ -36,11 +36,11 @@ class TestEfiUnsignedImage(object):
>
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 1 HELLO host 0:1 /helloworld.efi -s
> ""',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'bootefi bootmgr'])
> assert '\'HELLO\' failed' in ''.join(output)
> output = u_boot_console.run_command_list([
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert 'efi_start_image() returned: 26' in ''.join(output)
> assert 'Hello, world!' not in ''.join(output)
> @@ -65,7 +65,7 @@ class TestEfiUnsignedImage(object):
>
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 1 HELLO host 0:1 /helloworld.efi -s
> ""',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'bootefi bootmgr'])
> assert 'Hello, world!' in ''.join(output)
>
> @@ -89,11 +89,11 @@ class TestEfiUnsignedImage(object):
>
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 1 HELLO host 0:1 /helloworld.efi -s
> ""',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'bootefi bootmgr'])
> assert '\'HELLO\' failed' in ''.join(output)
> output = u_boot_console.run_command_list([
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert 'efi_start_image() returned: 26' in ''.join(output)
> assert 'Hello, world!' not in ''.join(output)
> @@ -107,11 +107,11 @@ class TestEfiUnsignedImage(object):
>
> output = u_boot_console.run_command_list([
> 'efidebug boot add -b 1 HELLO host 0:1 /helloworld.efi -s
> ""',
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'bootefi bootmgr'])
> assert '\'HELLO\' failed' in ''.join(output)
> output = u_boot_console.run_command_list([
> - 'efidebug boot next 1',
> + 'efidebug boot order 1',
> 'efidebug test bootmgr'])
> assert 'efi_start_image() returned: 26' in ''.join(output)
> assert 'Hello, world!' not in ''.join(output)
> diff --git a/test/py/tests/test_fs/test_squashfs/test_sqfs_ls.py
> b/test/py/tests/test_fs/test_squashfs/test_sqfs_ls.py
> index 527a556ed8..3b8118104f 100644
> --- a/test/py/tests/test_fs/test_squashfs/test_sqfs_ls.py
> +++ b/test/py/tests/test_fs/test_squashfs/test_sqfs_ls.py
> @@ -118,6 +118,12 @@ def test_sqfs_ls(u_boot_console):
> """
> build_dir = u_boot_console.config.build_dir
>
> + # If the EFI subsystem is enabled, default file(e.g.
> EFI/BOOT/BOOTAA64.EFI)
> + # is scanned when the new disk is detected. This ends up with the
> unexpected
> + # output at the first 'sqfsls' command.
> + # Clear the previous state.
> + u_boot_console.restart_uboot()
> +
> # setup test environment
> check_mksquashfs_version()
> generate_sqfs_src_dir(build_dir)
> --
> 2.34.1
>
>
Signed-off-by: Joao Marcos Costa <jmcosta944 at gmail.com>
--
Best regards,
João Marcos Costa
www.linkedin.com/in/jmarcoscosta/
https://github.com/jmarcoscosta
More information about the U-Boot
mailing list